24.11 -> 25.07
-
Re: To do 25.07 or not?! That is the question!
Just finished on an 1100. Did it from the console, option 13, after changing the system branch from 24.11 to 25.07 in the gui first. Estimated that it took a half hour with doing a backup, pre-install reboot, etc. No hiccups, but the step
[51/76] Extracting ca_root_nss-3.104_1: ....... done
Took a looong time, probably 5+ minutes there.
Now looking around for issues, nothing obvious so far.
Netgate 1100 and Netgate 2100, latest pfsense+ version
-
Thanks for the report.
Yes rehashing the certs there takes a while on lower power CPUs.
-
I got booted out of my firewall. Web just went to 403 Forbidden. SSH will open and immediately close. What is going on? That's not what you want to see during an update lol
EDIT: Damn I just had to reinstall from the last backup. Not trying this patch again for a good week or so....
-
Hmm, did you get any sort of errors in the upgrade log?
-
@stephenw10 Maybe, but since it kicked me out I can't get back in to see it.... I couldn't even get in via console. It screws with something on rc.init that screws everything up.
-
You see it failing something at boot?
-
It would be nice if the line said:
Extracting ca_root_nss-3.104_1, rehashing certs (be patient)....
dnf/yum style updates keep coughing up dots every few seconds as they work, to give you a clue that something is happening and the process is not hung. That didn't happen here.
I was wondering if the update had had a coronary, but I wisely kept my mitts off the keyboard and refilled my beer glass instead.
-
@beerguzzle No I didn't get that far. It just said whatever the first thing it says, Initializing or something then just booted me out of the web console, 403 Forbidden. SSH and console locked out too.
I've never seen anything like it in the 10 years I've been using pfSense lol
-
Hmm. What was it lead you to think rc.init was damaged? Just that it didn't boot?
I've love to see a console log if you can get it.
-
That's all I see lol. Boom 403, ssh locked.
-
-
Ok rebuilding that VM again lol
-
I wish I could tell you what caused it to screw up but like I said it boots me out, 403 Forbidden on web, SSH I think gripes about the same rc.initial missing once I authenticate. It pretty much hoses the system up.
-
I always take a VM snapshot before updates/patches/major finagling so I can revert if it blows up.
-
@beerguzzle Yup that's why I have this one. I got jumpy and wish I wouldn't have started my other mini-pc update. I don't have time to fix it today but it's at least passing traffic and keeping VPN tunnels up for now in it's crippled state lol.
-
Hmm, if you can replicate that try running the upgrade from the console directly using menu option 13.
-
Hey all โ just went through a rough upgrade from 24.11 to 25.07 on Proxmox VM AND standalone hardware that left the system in a half-broken state. Hoping this helps others avoid or recover from the same issues.
Symptoms I encountered
pkg broken: ld-elf.so.1: Shared object "libmd.so.7" not foundpfSense-upgrade claimed everything was up to date but /etc/version still showed 24.11
GUI upgrade caused a crash / boot loop
Repositories threw trusted key errors:
pkg-static: Error opening the trusted directory /usr/local/share/pfSense/keys/pkg/trusted
pkg-static: Error loading trusted certificates
pkg-static couldn't fetch anything โ packages not found or signature errorsNo way to rollback (bare metal)
๏ธ How I fixed it
Step 1: Update with pkg-static and ignore version mismatchenv IGNORE_OSVERSION=yes pkg-static update -f
Step 2: Temporarily disable signature verification
Edit this file:
vi /usr/local/etc/pkg/repos/pfSense.conf
Change both repos to:
signature_type: "none"
If the file is a symlink (e.g. to pfSense-repo-0001.conf), edit the actual file in /usr/local/etc/pfSense/pkg/repos/.Step 3: Update repo URLs to point to 25.07
Example:
sed -i '' 's/v24_11/v25_07/g' /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001.conf
Then refresh again:
env IGNORE_OSVERSION=yes pkg-static update -fStep 4: Force reinstall core pfSense packages
env IGNORE_OSVERSION=yes pkg-static install -fy pfSense-base pfSense-kernel-pfSense pfSense-default-config pfSense-repo pfSense-upgrade pfSense pfSense-boot
If it prompts to upgrade pkg, allow it.Step 5: Trigger the upgrade handler
pfSense-upgrade -d
If it still doesnโt change the version, run:
pfSense-upgrade -d -cStep 6: Reboot
reboot
Success Confirmation
After reboot:cat /etc/version
Should return:
25.07-RELEASEAnd:
uname -a
Should show:
FreeBSD 15.0-CURRENT blah blah 25.07...
Final Notes
I suspect MAAAAAAAAYBE having the CrowdSec beta package installed may have complicated the upgrade? I'm not 100% sure on this, but it's a possibility. I still reinstalled it afterward the upgrade again cause it's badass and needs to be fully supported as a package.GUI upgrade kept crashing and bricking the box โ CLI was the only viable path.
NOTE: Always snapshot before upgrades if you're using ZFS or VM-based installs.
-
@Zermus said in 24.11 -> 25.07:
I suspect MAAAAAAAAYBE having the CrowdSec beta package installed may have complicated the upgrade?
Does that require adding a 3rd part repo? If so it could definitely cause a problem.
-
@stephenw10 No it doesn't install a 3rd party repo. However... it could possibly
Mess with shared libraries (libmd.so, libssl.so, etc.) getting replaced or misaligned.
Create conflicts in /etc/rc.conf, init scripts, or pkg metadata.
OS version expectations (pkg or pfSense-upgrade behaving strangely).
